SCO Unixware 7.1 pkginstall Buffer Overflow

No description provided by source. source: http://www.securityfocus.com/bid/853/info It is possible to view the entries in /etc/shadow through exploiting a buffer overflow in pkgcat and pkginstall. Though neither of these binaries are setuid, the dacread permissions which are granted in...

Perl 5.6.0 (on Linux) getpwuid() leave /etc/shadow opened

I'm not sure how serious this issue is, but I think it may cause problems in some environments. The system is Linux, RedHat 7.0, Perl 5.6.0, glibc 2.2.4, latest updates. Recently I run 'lsof' on unprivileged Apache httpd process running modperl application and was pretty surprised to see...

SCO Unixware 7.1 pkgcat - Local Buffer Overflow

// source: https://www.securityfocus.com/bid/853/info It is possible to view the entries in /etc/shadow through exploiting a buffer overflow in pkgcat and pkginstall. Though neither of these binaries are setuid, the dacread permissions which are granted in /etc/security/tcb/privs give them the...

SCO Unixware 7.1 pkginstall - Local Buffer Overflow

// source: https://www.securityfocus.com/bid/853/info It is possible to view the entries in /etc/shadow through exploiting a buffer overflow in pkgcat and pkginstall. Though neither of these binaries are setuid, the dacread permissions which are granted in /etc/security/tcb/privs give them the...